InfoQ – GhostWrite Vulnerability in C910 and C920 RISC-V CPUs
09Aug24
Security researchers at the CISPA Helmholtz Center for Information Security have discovered a vulnerability they’ve called ‘GhostWrite’ that’s caused by a hardware bug in T-Head’s XuanTie C910 and C920 RISC-V CPUs. Vector extensions that are supposed to provide translation of virtual memory addresses to physical addresses don’t work, meaning that an attacker can gain access to the contents of memory and any attached devices. The bug was found using RISCVuzz ‘Differential Hardware Fuzzing’ tool, which the researchers describe in a paper (pdf). They also discovered ‘Halt and Catch Fire’ bugs in T-Head C906 and C908 CPUs that could be exploited for denial of service attacks.
Filed under: InfoQ news, security | Leave a Comment
Tags: fuzzing, GhostWrite, InfoQ, RISC-V, security
Subscribe
Recent Comments
Chris Swan on Milo cancer diary part 20… Chris Swan on Milo cancer diary part 20… Chris Swan on USB C Charger Reviews Peter on USB C Charger Reviews “Yes, ma’am” – being… on July 2025 
Pinboard.in bookmarks- Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
- Captaincy
- £21 million backing for technology to stop cyber attackers
- Bitcoin forensics: How crypto became law enforcement's tool
- Spec-Driven Development Isn’t New
- Software William of Materials
- World plugs
- RISC-V Takes First Step Toward International Standardization as ISO/IEC JTC1 Grants PAS Submitter Status
- I made a 10 Cent MCU Talk
- State of Embedded: Q4 2025 Overview
Chris Swan's Weblog 
No Responses Yet to “InfoQ – GhostWrite Vulnerability in C910 and C920 RISC-V CPUs”